IN THE CLAIMS: 



1. (Previously Presented) A method of performing encrypted WLAN 
(Wireless Local Area Network) communication, comprising the steps of: 

operating driver software to perform a connection set-up for said 
encrypted WLAN communication; and 

operating a WLAN chip to perform data frame encapsulation and/or 
decapsulation during said encrypted WLAN communication; 

wherein said connection set-up is performed by executing software- 
implemented instructions of said driver software without exchanging 
intermediate data with said WLAN chip, wherein performing said 
connection set-up comprises exchanging cryptographic keys between a 
WLAN station and another WLAN station and/or a WLAN access point; 
and 

wherein said data frame encapsulation and/or decapsulation is performed 
by operating single-purpose hardware of said WLAN chip without 
executing software-implemented instructions of said driver software, 
wherein performing said encrypted WLAN communication further 
comprises obtaining a plurality of data frames intended for said data frame 
encapsulation from driver software. 

2. (Original) The method of claim 1, wherein the step of performing said 
connection set-up comprises authenticating a WLAN station by another 
WLAN station and/or a WLAN authentication server. 

3. (Original) The method of claim 1, wherein the step of performing said 
connection set-up comprises associating a WLAN station with another 
WLAN station and/or a WLAN access point as WLAN communication 
counter-parts. 
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4. (Cancelled). 

5. (Cancelled). 

6. (Previously Presented) The method of claim 1, wherein the step of 
obtaining the plurality of data frames comprises obtaining a plurality of 
data frames comprising cipher information indicating a determining factor 
for performing the data frame encapsulation and/or decapsulation. 

7. (Original) The method of claim 6, wherein said determining factor 
comprises a way in which a data frame intended for the data frame 
encapsulation is fragmented. 

8. (Original) The method of claim 6, wherein said determining factor 
comprises a cipher protocol suitable for performing the data frame 
encapsulation. 

9. (Original) The method of claim 6, wherein said determining factor 
comprises a cryptographic key suitable for encrypting a data frame. 

10. (Previously Presented) The method of claim 1, wherein performing said 
encrypted WLAN communication further comprises selecting one of the 
plurality of data frames for said data frame encapsulation by performing a 
prioritization algorithm implemented on the single-purpose hardware. 

11. (Previously Presented) The method of claim 1, wherein the step of 
performing said data frame encapsulation comprises inserting a package 
number and/or sequence number into one of the plurality of data frames. 

12. (Previously Presented) The method of claim 1, wherein the step of 
performing said data frame encapsulation comprises encrypting at least 
part of one of the plurality of data frames. 

13. (Previously Presented) The method of claim 1, wherein the step of 
performing said data frame encapsulation comprises calculating an 
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integrity value appropriate for verifying integrity of one of the plurality of 
data frames once said data frame decapsulation is completed. 

14. (Original) The method of claim 13, wherein the step of performing said 
data frame encapsulation comprises encrypting said integrity value. 

15. (Original) The method of claim 14, wherein the step of performing said 
data frame encapsulation comprises inserting the encrypted integrity value 
into one of the plurality of data frames. 

16. (Original) The method of claim 1, wherein performing said encrypted 
WLAN cornmunication further comprises receiving a data frame intended 
for said data frame decapsulation from a WLAN station and/or WLAN 
access point. 

17. (Original) The method of claim 1, wherein the step of performing said 
data frame decapsulation comprises obtaining cipher information 
indicating a determining factor for performing the data frame 
encapsulation and/or decapsulation from a storage unit within the single- 
purpose hardware. 

18. (Original) The method of claim 17, wherein said determining factor 
comprises a cipher protocol suitable for performing the data frame 
decapsulation. 

19. (Original) The method of claim 17, wherein said determining factor 
comprises a cryptographic key suitable for decrypting a data frame. 

20. (Original) The method of claim 16, wherein the step of performing said 
data frame decapsulation comprises decrypting at least part of the data 
frame. 

21. (Original) The method of claim 20, wherein the data frame comprises an 
encrypted integrity value appropriate for verifying integrity of the data 
frame once said data frame decapsulation is completed, and the step of 
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decrypting at least part of the data frame comprises decrypting the 
encrypted integrity value. 

22. (Original) The method of claim 21, wherein the step of performing said 
data frame decapsulation further comprises calculating the integrity value 
from at least part of the data frame except the encrypted integrity value. 

23. (Original) The method of claim 22, wherein the step of performing said 
data frame decapsulation further comprises calculating an integrity 
verification value indicating a difference between the decrypted integrity 
value and the calculated integrity value. 

24. (Original) The method of claim 23, wherein the step of performing said 
data frame decapsulation further comprises inserting said integrity 
verification value into the data frame. 

25. (Original) The method of claim 24, wherein performing said encrypted 
WLAN communication further comprises performing counter-measures 
according to said integrity verification value by executing software- 
implemented instructions, wherein said counter-measures are suitable for 
limiting the amount of information available to an illegitimate WLAN 
protruder. 

26. (Original) The method of claim 1, wherein the step of performing said 
data frame encapsulation and/or decapsulation comprises generating 
cryptographic data suitable for encrypting or decrypting a data frame. 

27. (Original) The method of claim 26, wherein the step of generating 
cryptographic data comprises generating authentication data suitable for 
encrypting a data frame in a manner specific to a WLAN station or 
decrypting a data frame encrypted in a manner specific to a WLAN 
station. 
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28. (Original) The method of claim 1, wherein said encrypted WLAN 
communication is performed based on the IEEE 802.1 li security standard. 

29. (Original) The method of claim 1, wherein said encrypted WLAN 
communication is performed in a WLAN based on the IEEE 802.11b 
standard. 

30. (Original) The method of claim 1, wherein said software-implemented 
instructions are executed on general-purpose hardware by driver software. 

3 1 . (Original) The method of claim 1 , wherein said single-purpose hardware is 
operated periodically. 

32. (Original) The method of claim 31, wherein said single-purpose hardware 
is operated periodically at 1 1MHz. 

33. (Original) The method of claim 31, wherein said data frame encapsulation 
and/or decapsulation is performed according to the TKIP (Temporal Key 
Integrity Protocol) protocol. 

34. (Original) The method of claim 33, wherein the step of performing said 
data frame encapsulation and/or decapsulation comprises performing RC4 
(Rivest's Cipher 4) encryption and/or decryption. 

35. (Original) The method of claim 34, wherein said RC4 encryption and/or 
decryption is performed by operating at least part of the single-purpose 
hardware. 

36. (Original) The method of claim 35, wherein said part of the single-purpose 
hardware has a tree structure. 

37. (Original) The method of claim 36, wherein said RC4 encryption and/or 
decryption is performed by operating only a sub-part of the single-purpose 
hardware corresponding to the tree root, part of the tree leaves and the tree 
components interconnecting the tree root with said part of the tree leaves. 



6 



38. (Original) The method of claim 37, wherein said sub-part of the single- 
purpose hardware corresponds to the tree root, two of the tree leaves and 
the tree components interconnecting the tree root with said two of the tree 
leaves. 

39. (Original) The method of claim 34, wherein the step of performing said 
RC4 encryption and/or decryption comprises encrypting or decrypting at 
least part of a data frame comprising bytes, and said RC4 encryption 
and/or decryption is split over at least two operating periods of the single- 
purpose hardware to encrypt or decrypt one byte of the data frame. 

40. (Original) The method of claim 31, wherein said data frame encapsulation 
and/or decapsulation is performed according to the CCMP (Counter-mode 
Cipher block chaining Message authentication code Protocol) protocol. 

41. (Original) The method of claim 40, wherein the step of performing said 
data frame encapsulation and/or decapsulation comprises performing 
CCMP-AES (Advanced Encryption Standard) encryption and/or 
decryption. 

42. (Original) The method of claim 41, wherein the step of performing said 
CCMP-AES encryption and/or decryption comprises encrypting or 
decrypting at least part of a data frame comprising bytes, and said CCMP- 
AES encryption and/or decryption is performed by repeatedly performing 
a sequence of encryption or decryption steps on said part of the data 
frame. 

43. (Original) The method of claim 42, wherein the step of performing the 
sequence of encryption or decryption steps comprises performing byte 
substitution using a plurality of cryptographic substitution boxes. 

44. (Original) The method of claim 43, wherein the step of performing byte 
substitution on said part of the data frame comprises sequentially 
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performing the byte substitution on a plurality of sub-parts of said part of 
the data frame. 

45. (Original) The method of claim 42, wherein the step of performing the 
sequence of encryption or decryption steps is split over at least two 
operating periods of the single-purpose hardware. 

46. (Previously Presented) A single-purpose hardware device for performing 
data frame encapsulation and/or decapsulation during encrypted WLAN 
(Wireless Local Area Network) communication, comprising: 

internal hardware components; and 

an interface for communicating with an external hardware component 
configured to perform a connection set-up for the encrypted WLAN 
communication by executing software-implemented instructions of driver 
software without exchanging intermediate data with the single-purpose 
hardware device, wherein performing said connection set-up comprises 
exchanging cryptographic keys between a WLAN station and another 
WLAN station and/or a WLAN access point; 

wherein said internal hardware components comprise internal single- 
purpose hardware components configured to perform the data frame 
encapsulation and/or decapsulation without executing software- 
implemented instructions of said driver software once the connection set- 
up is completed; and 

wherein performing said encrypted WLAN communication comprises 
obtaining a plurality of data frames intended for said data frame 
encapsulation from driver software. 

47. (Original) The single-purpose hardware device of claim 46, wherein said 
internal hardware components further comprise an internal memory for 
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storing data frames intended for or resulting from the data frame 
encapsulation or decapsulation. 

48. (Original) The single-purpose hardware device of claim 47, wherein said 
internal memory comprises an arbitration unit for performing memory 
access control. 

49. (Original) The single-purpose hardware device of claim 47, wherein said 
internal memory comprises a hash memory for storing cipher information 
indicating a determining factor for performing the data frame 
encapsulation and/or decapsulation. 

50. (Original) The single-purpose hardware device of claim 49, wherein said 
determining factor comprises a cipher protocol suitable for performing the 
data frame encapsulation and/or decapsulation. 

51. (Original) The single-purpose hardware device of claim 49, wherein said 
determining factor comprises a cryptographic key suitable for encrypting 
or decrypting a data frame. 

52. (Original) The single-purpose hardware device of claim 47, wherein said 
internal hardware components further comprise a radio transceiver for 
receiving data frames from and/or transmitting data frames to a WLAN 
station and/or WLAN access point. 

53. (Original) The single-purpose hardware device claim 52, wherein said 
internal single-purpose hardware components comprise a cryptographic 
component for performing the data frame encapsulation and/or 
decapsulation and a MAC (Medium Access Control) component for 
communicating with the radio transceiver. 

54. (Original) The single-purpose hardware device of claim 53, wherein said 
cryptographic component and said internal memory are arranged to 
communicate with each other. 
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55. (Original) The single-purpose hardware device of claim 53, wherein said 
cryptographic component and said MAC component are arranged to 
communicate with each other. 

56. (Original) The single-purpose hardware device of claim 53, wherein said 
MAC component and said internal memory are arranged to communicate 
with each other. 

57. (Original) The single-purpose hardware device of claim 53, wherein said 
internal memory is arranged to communicate, over the interface, with the 
external hardware component. 

58. (Original) The single-purpose hardware device of claim 53, wherein said 
MAC component further is for performing a prioritization algorithm for 
selecting a data frame for said data frame encapsulation from a plurality of 
data frames. 

59. (Original) The single-purpose hardware device of claim 46, wherein at 
least one of said internal single-purpose hardware components is capable 
of inserting a packet number and/or sequence number into a data frame. 

60. (Original) The single-purpose hardware device of claim 46, wherein at 
least one of said internal single-purpose hardware components is capable 
of generating cryptographic data suitable for encrypting or decrypting a 
data frame. 

61. (Original) The single-purpose hardware device of claim 60, wherein said 
at least one of the internal single-purpose hardware components is capable 
of generating cryptographic data comprising authentication data suitable 
for encrypting a data frame in a manner specific to a WLAN station or 
decrypting a data frame encrypted in a manner specific to a WLAN 
station. 
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62. (Original) The single-purpose hardware device of claim 46, wherein said 
internal single-purpose hardware components are for performing the data 
frame encapsulation and/or decapsulation according to the TKIP 
(Temporal Key Integrity Protocol) protocol; 

wherein at least part of the internal single-purpose hardware components 
further is for performing RC4 (Rivest's Cipher 4) encryption and/or 
decryption; and 

wherein said part of the internal single-purpose hardware components is 
adapted to perform the RC4 encryption and/or decryption on at least part 
of a data frame comprising bytes. 

63. (Original) The single-purpose hardware device of claim 62, wherein said 
part of the internal single-purpose hardware components has a tree 
structure; and 

wherein said part of the internal single-purpose hardware components is 
further adapted to perform the RC4 encryption and/or decryption on one 
byte by operating only a sub-part of said part of the internal single-purpose 
hardware components, said sub-part corresponding to the tree root, part of 
the tree leaves and the tree components interconnecting the tree root with 
said part of the tree leaves. 

64. (Original) The single-purpose hardware device of claim 63, wherein said 
sub-part of said part of the internal single-purpose hardware components 
corresponds to the tree root, two of the tree leaves and the tree components 
interconnecting the tree root with said two of the tree leaves. 

65. (Original) The single-purpose hardware device of claim 62, wherein said 
single-purpose hardware device is operated periodically; and 

wherein said part of the internal single-purpose hardware components is 
adapted to perform the RC4 encryption and/or decryption on one byte by 



11 



splitting the RC4 encryption and/or decryption over at least two operating 
periods of said single-purpose hardware device. 

66. (Original) The single-purpose hardware device of claim 46, wherein said 
internal single-purpose hardware components are for performing the data 
frame encapsulation and/or decapsulation according to the CCMP 
(Counter-mode Cipher block chaining Message authentication code 
Protocol) protocol; 

wherein at least part of the internal single-purpose hardware components 
further is for performing CCMP-AES (Advanced Encryption Standard) 
encryption and/or decryption on at least part of a data frame comprising 
bytes by repeatedly performing on said part of the data frame a sequence 
of encryption and/or decryption steps comprising byte substitution; and 

wherein said part of the internal single-purpose hardware components 
comprises a plurality of cryptographic substitution boxes for performing 
the byte substitution. 

67. (Original) The single-purpose hardware device of claim 66, wherein said 
plurality of cryptographic substitution boxes is adapted to perform the byte 
substitution on said part of the data frame by sequentially performing the 
byte substitution on sub-parts of said part of the data frame. 

68. (Original) The single-purpose hardware device of claim 66, wherein said 
single-purpose hardware device is operated periodically; and 

wherein said internal single-purpose hardware components are adapted to 
perform the sequence of encryption and/or decryption steps by splitting 
said sequence over at least two operating periods of the single-purpose 
hardware device. 
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69. (Previously Presented) An integrated circuit chip for performing data 
frame encapsulation and/or decapsulation during encrypted WLAN 
(Wireless Local Area Network) communication, comprising: 

internal integrated circuits; and 

at least one data bus for communicating with an external CPU (Central 
Processing Unit) configured to perform a connection set-up for the 
encrypted WLAN communication by executing software-implemented 
instructions, wherein said connection setup is performed by driver 
software without exchanging intermediate data the integrated circuit chip, 
wherein performing said connection set-up comprises exchanging 
cryptographic keys between a WLAN station and another WLAN station 
and/or a WLAN access point; 

wherein said internal integrated circuits comprise internal single-purpose 
integrated circuits configured to perform the data frame encapsulation 
and/or decapsulation without executing software-implemented instructions 
of said driver software once the connection set-up is completed; 

wherein performing said encrypted WLAN communication comprises 
obtaining a plurality of data frames intended for said data frame 
encapsulation from driver software. 

70. (Cancelled). 

71. (Previously Presented) A computer system for performing encrypted 
WLAN (Wireless Local Area Network) communication, comprising: 

first means for performing a connection set-up for said encrypted WLAN 
communication, wherein performing said connection set-up comprises 
exchanging cryptographic keys between a WLAN station and another 
WLAN station and/or a WLAN access point; and 
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second means for performing data frame encapsulation and/or 
decapsulation during said encrypted WLAN communication; 

wherein said first means is for performing the connection set-up by 
executing software-implemented instructions of driver software without 
exchanging data with said second means; and 

wherein said second means comprises a single-purpose hardware device, 
and wherein said second means is configured to perform without 
executing software-implemented instructions of said driver software; 
wherein performing said encrypted WLAN communication comprises 
obtaining a plurality of data frames intended for said data frame 
encapsulation from driver software. 

72. (Previously Presented) The method as recited in claim 1, wherein the 
single-purpose hardware is a circuit dedicated for performing 
encapsulation and decapsulation without execution of any software 
instructions. 

73. (Previously Presented) The method as recited in claim 72, wherein the 
single-purpose hardware is coupled to receive plaintext data from the 
driver software, and wherein the single-purpose hardware is further 
coupled to provide decapsulated data to the driver software. 
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